Privacy Notice

Worrell Privacy Notice

Worrell is a global design firm specializing in healthcare innovation and strategy. We are also committed to respecting your privacy. This Privacy Notice (“Notice”) explains how Worrell (“Worrell,” “we,” “our,” or “us”) collects and uses personal information and the choices you can make. This Notice applies to your use of the website and addresses information we collect from you – for example, as a customer and/or through your participation in one of our healthcare-related projects.

Our site may be linked on other websites or may contain links to other websites, and we may ask you to engage with other applications or platforms to participate in our projects. Our Privacy Notice only applies to Worrell, and we are not responsible for the privacy practices, security standards, or content of other sites, applications, or companies. You should check the privacy policies of those sites before providing your personal information to them.

We encourage you to read this Privacy Notice in its entirety before browsing our site or otherwise engaging with us by sharing your personal information. By doing so, you acknowledge that you have read and agree to this Privacy Notice.

Personal Information We Collect

We collect various types of personal information when you purchase services from us, choose to participate in one of our projects, join us for online webinars and similar forums, connect with us on social media, respond to a survey that we administer, or when we otherwise engage with you. This information may be collected directly from you or indirectly through your device or browser when you visit our site.

We use your information to design, perform, and fulfill the objectives of the healthcare-related projects you may purchase from us; to recruit and enable your participation in our projects; to customize and improve the advertising and content we offer; to deliver marketing communications and promotional materials that you may be interested in; to protect the security or integrity of our databases or websites; to detect and prevent fraud or illegal activity; to take precautions against liability; to detect and remediate misuse of our site; to develop and improve our services; and for internal operational purposes.

The following chart describes what categories of personal information we may collect from you, the business purposes for which we generally use such information, and which types of trusted third parties and service providers we may share that information with.




Personal identifiers

Name, Job Title, Company, Postal Address, Phone Number, Email Address, Voice and Image (photo, video), Age, Gender, Distinguishing Features (scars, tattoos), Professional Licensure, Social Media Handle, Project Participant ID

  • Enable your participation in our projects
  • Process payments for your participation in our projects
  • Offer participation in future projects that may be a fit for your interests, expertise, or personal attributes
  • Produce and share informational and education content (e.g., seminars, webinars)
  • Contact you with updates to this Notice
  • Detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activities
  • Legal and regulatory compliance
  • Project sponsors
  • Project recruiters, suppliers, and site operators
  • Payment processors
  • Shipping providers
  • Survey and webinar hosting providers 
  • Back-office service providers
  • Fraud prevention and site security providers
  • Government and regulatory authorities

Special Category Information – with your explicit consent

Racial or Ethnic Origin, Health Data

  • Enable your participation in our projects
  • Offer participation in future projects that may be a fit for your interests, expertise, or personal attributes
  • Legal and regulatory compliance
  • Project sponsors
  • Project recruiters, suppliers, and site operators
  • Back-office service providers
  • Government and regulatory authorities

Payment Information

Banking Details, Online Payment Details

  • Process payments for your participation in our projects
  • Legal and regulatory compliance
  • Project recruiters
  • Payment processors
  • Back-office service providers

Internet or Electronic Network Activity Information and Geolocation Information

Marketing Consents, IP Address, Location, Cookies, Website Browsing and Interaction Activity, Other Device or Browser Identifiers

  • Analytics to improve our website
  • Detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity
  • Website performance and analytics providers
  • Fraud prevention and site security

In addition to any personal information that you might provide when you do things like buy our services or participate in one of our projects, we may also have access to other information about you from relevant publicly available sources, if you interact with us via social media, or in certain other situations.


If you interact with content on our social media profiles (for example, if you “like” or share a post from one of our accounts, such as LinkedIn, Facebook, Twitter, YouTube, Instagram, or others), those social media sites may share information about you with us, including your public profile, e-mail address, and friend list. If you choose to “like” or share content, information about you may be publicly displayed on the social network, depending on your privacy settings. You should review the privacy notice of that social media site and check your privacy settings through that site. If you post information on a social media or another third-party service that references our brand or our services (e.g., commenting on a Worrell post on LinkedIn or via a Twitter hashtag), we may publish your post on our social media accounts or websites.


We use cookies and other tracking technologies to collect your information when you visit our sites. We use such information to analyze trends, remember user settings, track user movements, and market our services. We may obtain reports based on the use of these technologies on an individual and/or aggregated basis. You can control cookies through your browser setting and by other means available on our website. 


We may also obtain data that is publicly available or from third party sources, such as our recruiting partners, to supplement our records and improve the accuracy of and add to what we know about our project participants and customers. We may combine this information with your personal information for the purposes described in this Notice. 


In addition to information collected from our customers and prospective customers, we and our service providers also collect certain information from candidates who apply for a job with Worrell to contact you about your application and evaluate your qualifications for the position, including your name, phone number, e-mail address, postal address, education information, and employment information.

How We Share Your Personal Information

We do not sell, license, or share the personal information we collect with unaffiliated third parties for their marketing purposes. We may share personal information in the following situations.

Service Providers

We use service providers to act on our behalf – for example, to help us recruit project participants, enable your participation in our projects, process payments to project participants and/or healthcare facilities, enhance and personalize your experience with us, conduct market research, or provide vital back-office services. Our service providers may receive your name and contact information, payment information, information about the nature of your participation in our projects, your special category personal information, cookies and other device identifiers, IP address, and website browsing activity. These service providers are only allowed to use your information in connection with the specific service they provide on our behalf. Also, we ensure that these service providers are bound to preserve the confidentiality of your personal data and comply with applicable data privacy and other laws in handling your data.

Professional Advisors

We may disclose your personal information to professional advisors such as lawyers, bankers, strategic consultants, auditors, and insurers, where necessary in the course of the professional services that they render to us.

For Compliance, Fraud Prevention, and Safety

We may share your personal information for the compliance, fraud prevention, and safety purposes – for example, to (i) enable public disclosure of certain information pursuant to applicable law, (ii) protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims), (iii) enforce the terms and conditions that govern our website and sale of services, and (iv) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.

Business Transfers

We may sell, transfer, or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Notice.


We may share your information among our corporate affiliates and subsidiaries for purposes described in this Notice.

Law Enforcement and Other Situations

We may be required to share certain information to respond to a subpoena or similar judicial process, to comply with state, federal or local laws, to protect the security or integrity of our databases or website, to take precautions against liability, in the event of a corporate reorganization or, to the extent required by law, to provide information to law enforcement agencies.


Our business and website are intended for use by a mature, adult audience and is not targeted directly at children. We will not knowingly collect personally identifiable information from children. If we become aware that a child under the age of 16 has provided personal information through our site, we will remove their personally identifiable information from our files. If a parent or guardian becomes aware that their child has provided such information through our site, the parent or guardian should contact us in writing at [email protected] so that we may respond appropriately. 

From time to time, the scope of one of our healthcare-related projects may call for the participation by people under the age of 18. In these cases, we have procedures in place to ensure that such participants are represented by an adult authorized with parental responsibility; that both the participant and the adult representative are fully informed regarding the scope of the project, the minor’s participation, and personal data processing; and we proceed only upon the explicit informed consent of the authorized adult.

Your Choices

You have choices about how your information is collected and used.  You can notify us of your preferences when you share your information with us, and if you would like to review, correct, or delete your account information on our site or in our systems. You can do so by contacting us directly. 

There may be times when we are unable to fulfill your request – for example, if providing access to your personal information would reveal confidential commercial or proprietary information or personal information about someone else (and we cannot separate your data), if we are prohibited by law from disclosing the information, or if we have a legal obligation to retain certain data. We may require additional personal information from you for the purposes of verifying your identity and rights.

If you are a resident of the European Economic Area, Switzerland, or the United Kingdom, you can learn more about your additional rights below.

Access or Update Your Information

If you have participated in a project with us, you may review and update certain personal information with respect to that project by contacting us directly.

Opt-Out of Marketing Communications

You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions contained in the email message. We reserve the right to send you certain communications relating to the projects you participated in or a Notice update. We do not offer you the ability to opt-out of receiving those communications.

Cookies and Browser Web Storage

Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the information, and services we provide on our sites may not work properly. Similarly, your browser settings may allow you to clear your browser web storage.

Security Practices

We use reasonable and appropriate organizational, technical, and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration, and destruction of the personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. If we are required to notify you about a situation involving your data, we may do so by email or telephone to the extent permitted by law.

International Data Transfers

We are headquartered in the United States and have service providers and authorized representatives (e.g., agents, distributors, resellers) in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country. Users in the EEA, Switzerland, and the United Kingdom should read the important information provided below about transfer of personal information outside of those areas.

Changes To This Privacy Notice

As we implement new technology and introduce new services or otherwise change our privacy practices, or in response to changes in applicable laws or regulations, we may modify this Notice and provide notice to you by posting updates on this page. Please check back periodically to view any updates. Changes to our Notice will become effective when posted.  If we change this Privacy Notice in a material way, we will endeavor to promptly notify our customers through a prominent notice on our website.  

How To Contact Us

For further information regarding this Privacy Notice or related Worrell policies and procedures, please contact us at [email protected]

Supplemental (GDPR) Notice to Residents of the EEA, Switzerland, and United Kingdom

Effective Date: August 2021


Worrell is the controller of your personal information covered by this Privacy Notice for purposes of UK and European data protection legislation.

Worrell has appointed DataRep as our Data Protection Representative so that you can contact us directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway and Iceland in the EEA. If you want to raise a question with Worrell, or otherwise exercise your rights with regard to your personal data, you may do so (i) via email at [email protected] in the EU or at [email protected] in the UK, quoting Worrell in the subject line of the message, or (ii) by mailing your inquiry to DataRep at one of their locations most convenient for you. 

Please note – when mailing inquiries to DataRep, it is essential that you mark your letters for DataRep and not Worrell, or your inquiry may not reach us. Please refer clearly to Worrell in your correspondence. If you have concerns over how DataRep will handle the personal data it will require to process your inquiry, please refer to their privacy notice at


The legal bases for processing your information as set out in this Privacy Notice are as follows:

  • Where we have your consent, in accordance with applicable legal requirements, to use your information for a particular purpose, which consent you may withdraw at any time by contacting us – for example, to participate in one of our healthcare-related projects, or to receive direct marketing messages from us;
  • Where use of your information is necessary to perform our obligations under a contract with you – for example, to comply with the terms and conditions that apply to the services you bought from us;
  • Where use of your information is necessary for our legitimate interests or the legitimate interests of others – for example, to operate our business; for direct marketing purposes, as appropriate; to make and receive payments; to engage in employment relationships; to comply with legal requirements and defend our legal rights; to provide security for our websites, software, or applications; and to prevent fraud; or
  • Where we use your information to comply with applicable legal obligations – for example, keeping track of purchases for tax and auditing purposes.


We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.


If you participate in one of our projects, you may be asked to provide us with sensitive personal information – for example, information related to racial/ethnic origin or your health. If you provide us with any sensitive personal information to enable your participation in one of our healthcare-related projects, you must explicitly consent to our processing and use of such sensitive personal information in accordance with this Privacy Notice. If you do not consent to our processing and use of such sensitive personal information, you must not participate in the project or submit such sensitive personal information to us.


Our servers are in the United States. If you choose to provide us with your information as described in this Notice, we may transfer your personal information cross-border. For example, we may transfer your information to affiliates, partners, service providers, or other third parties located outside of your home country, for the purposes described in this Notice. The laws governing data collection and use in the United States may differ and not provide the same level of protection as the jurisdiction in which you reside.

Where we transfer data from the EEA, Switzerland, and the United Kingdom, we will implement appropriate safeguards to comply with applicable law in relation to the transfer including the EU Standard Contractual Clauses or other measures that comply with applicable law, for personal data that is being transferred to places where the EEA, Switzerland, and the United Kingdom have determined that an adequate level of protection is not guaranteed.  

By providing us with your information, you acknowledge such transfers.  If applicable, you may make a complaint to the data protection supervisory authority in the country where you are based.  If you would like further information about these transfer mechanisms, please feel free to contact us at [email protected]


UK and European data protection laws give you certain rights regarding your personal information. If you are located in the EEA, Switzerland, or the United Kingdom, you may ask us to take the following actions in relation to your personal information that we hold:

Access Provide you with information about our processing of your personal information and give you access to your personal information.

Correct Update or correct inaccuracies in your personal information.

Delete Delete your personal information.

Transfer Transfer a machine-readable copy of your personal information to you or a third party of your choice.

Restrict Restrict the processing of your personal information.

Object Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests contacting us at [email protected] or our postal address provided above. Information necessary for the purposes of maintaining business records regarding a deleted or cancelled account, including records of credit transactions and account ownership, will be retained in accordance with applicable law. We may decline to process requests that are frivolous/vexatious, would jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. We may also decline aspects of deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes.

If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.